Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Aug. 23rd 2021

Aug 23, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



Node.js released a security fix for several high-severity issues that pose a risk to anyone making HTTPS requests. HTTP Toolkit:



T-Mobile is investigating a breach that exposed the personal data of up to 100m customers, including social security numbers, addresses and more. KrebsonSecurity:



In June, maintainers fixed a minor problem in glibc; but the fix introduced a worse vulnerability, CVE-2021-38604, which could trigger a denial-of-service issue. ZDNet:


Chinese hackers

A researcher discovered that a Chinese government hacking group had developed a web attack framework that exploited vulnerabilities in 58 popular websites. The Record:



BlackBerry disclosed that a BadAlloc vulnerability impacted its QNX Real Time Operating System, one of the world’s most prevalent RTOSs. Australian Cyber Security Centre:


Mozi IoT botnet

A peer-to-peer botnet that targets IoT devices now impacts network gateways manufactured by Netgear, Huawei and ZTE. The Hacker News:



Hackers stole almost $100m in cryptocurrency from Liquid, a leading Japanese cryptocurrency exchange. BBC:


U.S. Census Bureau

Hackers targeted U.S. Census Bureau servers with a cyberattack in 2020. They created fake user accounts but apparently did not compromise the 2020 census. The Hill:


Tokio Marine Insurance Singapore

This subsidiary of Tokio Marine Group announced that it experienced a ransomware attack and had isolated its network to prevent further damages. Insurance Journal:


Memorial Health System

Hospitals in West Virginia and Ohio diverted patients to other care providers due to a ransomware attack that disrupted the IT systems of all clinics and three hospitals. Infosecurity Magazine:



This large British publishing company is paying $1 million to settle charges that it misled investors about a 2018 data breach. TechCrunch:


Ryan Specialty Group

A Chicago-based specialty intermediary company announced that it experienced a cyberattack in April, and the hackers may have accessed personal information. Business Insurance:


Bar Ilan University

Israel’s Bar Ilan University reported a cyberattack and urged staff to shut down their computers. Authorities believe the attack to have a criminal motive rather than espionage. Haaretz:


Elasticsearch cluster

Researchers found a U.S. government terrorism watchlist open on the internet in an exposed Elasticsearch cluster. Tech Target:


St. Joseph’s/Candler

The largest healthcare network in Savannah, Georgia, admitted that a ransomware attack it discovered two months ago had exposed the medical and financial data of 1.4m people. The Daily Swig:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.